<?php
/*
	Muffinz CMS - A website content management system.
	Copyright (C) 2010-2011 Sigitas Zelenkovas

	This program is free software; you can redistribute it and/or
	modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program; if not, write to the Free Software
	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
	
	Optionally you can also view the license at <http://www.gnu.org/licenses/>.
*/

if($exec == 1){
	$cTheme->SetTitle("News management");
	if($user->Flag("r") || $user->Flag("n")){ // news section requires 'n' flag (n = news)
		if((isset($_POST['editor']) && $_POST['editor'] != "") && (isset($_POST['title']) && $_POST['title'] != "")){
			$data = $q->Send("SELECT * FROM news WHERE title=\"".$q->Escape($_POST['title'])."\"");
			if($q->Rows($data) == 1){
				$q->Send("UPDATE news SET text=\"".$q->Escape($_POST['editor'])."\", link=\"".(($_POST['link'] != null)?$q->Escape(str_replace(" ", "-", $_POST['link'])):$q->Escape(str_replace(" ", "-", $_POST['title'])))."\", allowvotes=".($_POST['allowvoting'] == "on" ? 1:0).", allowcomments=".($_POST['allowcomment'] == "on" ? 1:0)." WHERE title=\"".$q->Escape($_POST['title'])."\"");
			}else if($q->Rows($data) == 0){
				$q->Send("INSERT INTO news (title, text, user, link, allowvotes, allowcomments) VALUES(\"".$q->Escape($_POST['title'])."\",\"".$q->Escape($_POST['editor'])."\", {$_SESSION['user']['id']}, \"".(($_POST['link'] != null)?$q->Escape(str_replace(" ", "-", $_POST['link'])):$q->Escape(str_replace(" ", "-", $_POST['title'])))."\", ".($_POST['allowvoting'] == "on" ? 1:0).", ".($_POST['allowcomment'] == "on" ? 1:0).")");
				$data = $q->Fetch_array($q->Send("SELECT * FROM news ORDER BY id DESC LIMIT 1"));
				header("Location: {$_SESSION['sys']['core_link_full']}{$_SESSION['sys']['core_link']}{$_SESSION['sys']['core_link_admin']}index.php?page=news&edit={$data[0]}");
			}
		}
		
		if(isset($_GET['delete']) && $_GET['delete']){
			if((isset($_POST['delete']) && $_POST['delete'] != "") && (isset($_POST['del']) && $_POST['del'] != "")){
				if($_POST['del'] == "Yes"){
					$q->Send("DELETE FROM news WHERE id=\"".$q->Escape($_POST['delete'])."\"");
					header("Location: {$_SESSION['sys']['core_link_full']}{$_SESSION['sys']['core_link']}{$_SESSION['sys']['core_link_admin']}index.php?page=news");
				}else {
					header("Location: {$_SESSION['sys']['core_link_full']}{$_SESSION['sys']['core_link']}{$_SESSION['sys']['core_link_admin']}index.php?page=news");
				}
			}else {
				$buffer  = "<form method=\"post\" action=\"\">Are you sure you want to delete this article?<br /><br />";
				$buffer .= "<input type=\"hidden\" name=\"delete\" value=\"{$_GET['delete']}\" /><input type=\"submit\" class=\"button\" name=\"del\" value=\"Yes\" />&nbsp;<input type=\"submit\" class=\"button\" name=\"del\" value=\"No\" />";
				$buffer .= "</form>";
				
				$cTheme->AddModule("", $buffer, 5);
				
				$data = $q->Send("SELECT * FROM news WHERE id=\"".$q->Escape($_GET['delete'])."\"");
				if($q->Rows($data) == 1){
					$data = $q->Fetch_array($data);
					$cTheme->AddModule($data['title'], $data['text'], 10);
				}
			}
		}else {
			if(isset($_GET['edit'])){
				$buffer = "";
				$buffer .= "";
				
				if($_GET['edit'] == "NEW"){
					$buffer .= "<form method=\"post\" name=\"ftm\">Title:<br /><input type=\"text\" name=\"title\" value=\"\" style=\"width:100%;\"/><br />Link: (not recommended to use non-unicode characters)<br /><input type=\"text\" name=\"link\" value=\"\" style=\"width:100%;\"/><br />Content:<br /><textarea name=\"editor\" rows=\"20\"></textarea><br /><input type=\"checkbox\" id=\"coments\" name=\"allowcomment\" /><label for=\"coments\">Allow commenting</label><br /><input type=\"checkbox\" id=\"voting\" name=\"allowvoting\" /><label for=\"voting\">Allow voting</label><br /><br /><input type=\"submit\" class=\"button\" value=\"Post\" /></form>";
					
					$cTheme->AddModule("Edit", $buffer, 4);
				}else {
					$data = $q->Send("SELECT * FROM news WHERE id=\"".$q->Escape($_GET['edit'])."\"");
					if($q->Rows($data) == 1){
						$data = $q->Fetch_array($data);
						$buffer .= "<form method=\"post\" name=\"ftm\">Title:<br /><input type=\"text\" name=\"title\" value=\"".htmlentities($data['title'],ENT_COMPAT,'utf-8')."\" style=\"width:100%;\" /><br />Link: (not recommended to use non-unicode characters)<br /><input type=\"text\" name=\"link\" value=\"".htmlentities($data['link'],ENT_COMPAT,'utf-8')."\" style=\"width:100%;\"/><br />Content:<br /><textarea name=\"editor\" rows=\"20\">".htmlentities($data['text'],ENT_COMPAT,'utf-8')."</textarea><br /><input type=\"checkbox\" id=\"coments\" name=\"allowcomment\"".($data['allowcomments']?" checked":"")." /><label for=\"coments\">Allow commenting</label><br /><input type=\"checkbox\" id=\"voting\" name=\"allowvoting\"".($data['allowvotes']?" checked":"")."  /><label for=\"voting\">Allow voting</label><br /><br /><input type=\"submit\" class=\"button\" value=\"Change\" /></form>";
						
						$cTheme->AddModule("Edit", $buffer, 5);
					}else if($q->Rows($data) == 0){
						$cTheme->AddModule("Error", "News post was not found.", 5);
					}
				}
			}
			
			$buffer = "<a href=\"{$_SESSION['sys']['core_link_full']}{$_SESSION['sys']['core_link']}{$_SESSION['sys']['core_link_admin']}index.php?page={$_GET['page']}&edit=NEW\">New post</a><br /><br /><table cellspacing=\"0\" cellpadding=\"3\">";
			$data = $q->Send("SELECT * FROM news ORDER BY id DESC");
			while($row = $q->Fetch_array($data)){
				$buffer .= "<tr><td>{$row['title']}</td><td>".$spell->Check(htmlentities(substr($row['text'], 0, 512),ENT_COMPAT,'utf-8'))."</td><td nowrap>{$row['time']}</td><td><a href=\"{$_SESSION['sys']['core_link_full']}{$_SESSION['sys']['core_link']}{$_SESSION['sys']['core_link_admin']}index.php?page=news&delete={$row['id']}\"><img src=\"".$cTheme->tmplFolder.$cTheme->Theme()."/images/delete.png\" width=\"10px\" height=\"10px\" /></a></td><td><a href=\"{$_SESSION['sys']['core_link_full']}{$_SESSION['sys']['core_link']}{$_SESSION['sys']['core_link_admin']}index.php?page=news&edit={$row['id']}\"><img src=\"".$cTheme->tmplFolder.$cTheme->Theme()."/images/edit.png\" width=\"10px\" height=\"10px\" /></a></td></tr>";
			}
			$buffer .= "</table>";
			$cTheme->AddModule("News", $buffer, 10);
		}
	}else {
		$cTheme->AddModuleError("You cannot access this page. Missing permission.");
	}
}else { header("Location: /"); }